CVE-2019-19193 — Improper Input Validation in Ble-stack

CWE-20 — Improper Input Validation6 documents3 sources

Severity

7.5HIGHNVD

NVD6.5CNA6.5

EPSS

0.2%

top 58.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

TI Ble-stack TI Cc2640r2 Software Development KIT

Timeline

PublishedFeb 10

Latest updateMay 24

Description

The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDti/cc2640r2_software_development_kit3.30.00.20

▶NVDti/ble-stack1.5.0

🔴Vulnerability Details

GHSA

GHSA-6qvv-mgvr-jc3q: u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter↗2022-05-24

▶

GHSA

GHSA-7742-v66h-qf4w: The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3↗2022-05-24

▶

CVEList

CVE-2020-3704: u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter↗2020-11-02

▶

CVEList

CVE-2019-19193: The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3↗2020-02-10

▶